TITLE: EuroMedya - No Redirect/Admin Panel Bypass
# Exploit Author: Onur Kara (root9ext)
# Service Provider: www.euromedya.com
# Vulnerable URL: /hafun/main.php
# Dork: -
# Vulnerability Type: No Redirect
# Severity: Critical

Vulnerability Description:
A vulnerability has been identified in websites that use the hafun/index.php file as the admin panel. The issue arises when access to the hafun/index.php file is blocked and the hafun/main.php file is accessed, which leads to the unauthorized discovery of the admin panel.

Proof of Concept (PoC):
URLs:
- https://www.ozkoseoglu.com/hafun/index.php
- http://www.termodin.com.tr/hafun/index.php
- https://www.ertakimya.com/hafun/index.php
etc...

1. Access the admin login page, typically located at: https://www.ozkoseoglu.com/hafun/index.php
2. Block access to the hafun/index.php file.
3. Access the hafun/main.php file, typically located at: https://www.ozkoseoglu.com/hafun/main.php
4. Observe that the admin panel is accessible without redirection, indicating successful discovery of the admin panel.

Contact
Telegram: @rootninext
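
The advisory does not show the source of main.php. As an added example (not the vendor's code and not taken from the advisory), the PHP below shows one common cause of this bug class, a redirect sent without ending the script, next to a guard that stops before any protected output. The function names and the session key `admin_id` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical guard for an admin page such as hafun/main.php.
// The session key 'admin_id' and both function names are assumptions.

// WEAK: the Location header is only advice to the client. The script keeps
// running, so the panel HTML is still sent in the body of the 302 response,
// and a client that does not follow the redirect can read it.
function require_admin_weak(): void
{
    if (empty($_SESSION['admin_id'])) {
        header('Location: index.php');
        // missing exit: everything after this call still executes
    }
}

// HARDENED: the authorization decision is made on the server and the script
// terminates before any protected output is produced.
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['admin_id'])) {
        header('Location: index.php', true, 302);
        exit; // nothing below this line reaches an unauthenticated client
    }
}

// Call the guard as the first statement of every page in the admin
// directory, not only on the login page.
require_admin();

echo '<h1>Admin panel</h1>'; // protected content, reached only when logged in
```

A quick check for the fix is that an unauthenticated request to the protected page returns the redirect with an empty body.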